1/* SPDX-License-Identifier: GPL-2.0 */
2/*
3 * A security context is a set of security attributes
4 * associated with each subject and object controlled
5 * by the security policy. Security contexts are
6 * externally represented as variable-length strings
7 * that can be interpreted by a user or application
8 * with an understanding of the security policy.
9 * Internally, the security server uses a simple
10 * structure. This structure is private to the
11 * security server and can be changed without affecting
12 * clients of the security server.
13 *
14 * Author : Stephen Smalley, <stephen.smalley.work@gmail.com>
15 */
16#ifndef _SS_CONTEXT_H_
17#define _SS_CONTEXT_H_
18
19#include "ebitmap.h"
20#include "mls_types.h"
21#include "security.h"
22
23/*
24 * A security context consists of an authenticated user
25 * identity, a role, a type and a MLS range.
26 */
27struct context {
28 u32 user;
29 u32 role;
30 u32 type;
31 u32 len; /* length of string in bytes */
32 struct mls_range range;
33 char *str; /* string representation if context cannot be mapped. */
34};
35
36static inline void mls_context_init(struct context *c)
37{
38 memset(&c->range, 0, sizeof(c->range));
39}
40
41static inline int mls_context_cpy(struct context *dst, const struct context *src)
42{
43 int rc;
44
45 dst->range.level[0].sens = src->range.level[0].sens;
46 rc = ebitmap_cpy(dst: &dst->range.level[0].cat, src: &src->range.level[0].cat);
47 if (rc)
48 goto out;
49
50 dst->range.level[1].sens = src->range.level[1].sens;
51 rc = ebitmap_cpy(dst: &dst->range.level[1].cat, src: &src->range.level[1].cat);
52 if (rc)
53 ebitmap_destroy(e: &dst->range.level[0].cat);
54out:
55 return rc;
56}
57
58/*
59 * Sets both levels in the MLS range of 'dst' to the low level of 'src'.
60 */
61static inline int mls_context_cpy_low(struct context *dst, const struct context *src)
62{
63 int rc;
64
65 dst->range.level[0].sens = src->range.level[0].sens;
66 rc = ebitmap_cpy(dst: &dst->range.level[0].cat, src: &src->range.level[0].cat);
67 if (rc)
68 goto out;
69
70 dst->range.level[1].sens = src->range.level[0].sens;
71 rc = ebitmap_cpy(dst: &dst->range.level[1].cat, src: &src->range.level[0].cat);
72 if (rc)
73 ebitmap_destroy(e: &dst->range.level[0].cat);
74out:
75 return rc;
76}
77
78/*
79 * Sets both levels in the MLS range of 'dst' to the high level of 'src'.
80 */
81static inline int mls_context_cpy_high(struct context *dst, const struct context *src)
82{
83 int rc;
84
85 dst->range.level[0].sens = src->range.level[1].sens;
86 rc = ebitmap_cpy(dst: &dst->range.level[0].cat, src: &src->range.level[1].cat);
87 if (rc)
88 goto out;
89
90 dst->range.level[1].sens = src->range.level[1].sens;
91 rc = ebitmap_cpy(dst: &dst->range.level[1].cat, src: &src->range.level[1].cat);
92 if (rc)
93 ebitmap_destroy(e: &dst->range.level[0].cat);
94out:
95 return rc;
96}
97
98
99static inline int mls_context_glblub(struct context *dst,
100 const struct context *c1, const struct context *c2)
101{
102 struct mls_range *dr = &dst->range;
103 const struct mls_range *r1 = &c1->range, *r2 = &c2->range;
104 int rc = 0;
105
106 if (r1->level[1].sens < r2->level[0].sens ||
107 r2->level[1].sens < r1->level[0].sens)
108 /* These ranges have no common sensitivities */
109 return -EINVAL;
110
111 /* Take the greatest of the low */
112 dr->level[0].sens = max(r1->level[0].sens, r2->level[0].sens);
113
114 /* Take the least of the high */
115 dr->level[1].sens = min(r1->level[1].sens, r2->level[1].sens);
116
117 rc = ebitmap_and(dst: &dr->level[0].cat,
118 e1: &r1->level[0].cat, e2: &r2->level[0].cat);
119 if (rc)
120 goto out;
121
122 rc = ebitmap_and(dst: &dr->level[1].cat,
123 e1: &r1->level[1].cat, e2: &r2->level[1].cat);
124 if (rc)
125 goto out;
126
127out:
128 return rc;
129}
130
131static inline int mls_context_cmp(const struct context *c1, const struct context *c2)
132{
133 return ((c1->range.level[0].sens == c2->range.level[0].sens) &&
134 ebitmap_cmp(e1: &c1->range.level[0].cat, e2: &c2->range.level[0].cat) &&
135 (c1->range.level[1].sens == c2->range.level[1].sens) &&
136 ebitmap_cmp(e1: &c1->range.level[1].cat, e2: &c2->range.level[1].cat));
137}
138
139static inline void mls_context_destroy(struct context *c)
140{
141 ebitmap_destroy(e: &c->range.level[0].cat);
142 ebitmap_destroy(e: &c->range.level[1].cat);
143 mls_context_init(c);
144}
145
146static inline void context_init(struct context *c)
147{
148 memset(c, 0, sizeof(*c));
149}
150
151static inline int context_cpy(struct context *dst, const struct context *src)
152{
153 int rc;
154
155 dst->user = src->user;
156 dst->role = src->role;
157 dst->type = src->type;
158 if (src->str) {
159 dst->str = kstrdup(s: src->str, GFP_ATOMIC);
160 if (!dst->str)
161 return -ENOMEM;
162 dst->len = src->len;
163 } else {
164 dst->str = NULL;
165 dst->len = 0;
166 }
167 rc = mls_context_cpy(dst, src);
168 if (rc) {
169 kfree(objp: dst->str);
170 dst->str = NULL;
171 dst->len = 0;
172 return rc;
173 }
174 return 0;
175}
176
177static inline void context_destroy(struct context *c)
178{
179 c->user = c->role = c->type = 0;
180 kfree(objp: c->str);
181 c->str = NULL;
182 c->len = 0;
183 mls_context_destroy(c);
184}
185
186static inline int context_cmp(const struct context *c1, const struct context *c2)
187{
188 if (c1->len && c2->len)
189 return (c1->len == c2->len && !strcmp(c1->str, c2->str));
190 if (c1->len || c2->len)
191 return 0;
192 return ((c1->user == c2->user) &&
193 (c1->role == c2->role) &&
194 (c1->type == c2->type) &&
195 mls_context_cmp(c1, c2));
196}
197
198u32 context_compute_hash(const struct context *c);
199
200#endif /* _SS_CONTEXT_H_ */
201
202

source code of linux/security/selinux/ss/context.h